Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with AutoconfigUrl and Proxy.pac


  • Please log in to reply
1 reply to this topic

#1 Jurionx

Jurionx

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 06 May 2016 - 09:38 AM

My computer seems to be infected with an AutoConfigUrl hijacker, and after running MalwareBytes, 

 

the Registry Value - Hijack.AutoConfigURL.PrxySvrRST was found and quarantined. My PC was fine until a restart, where the issue of the proxy slowing down my browser and redirecting my search traffic resumed. Running further scans show no results of threats.

 

Following some similar cases, I have also located a registry key in HKLM_Software_Microsoft_Windows_CurrentVersion_InternetSettings. 

An AUtoConfigURL with data leading to http://xn--koa.net/proxy.pac.

 

Trying to change any proxy settings do not take effect, and the proxy configuration is always applied.

 

Please advise me. Thank you.



BC AdBot (Login to Remove)

 


#2 iangcarroll

iangcarroll

  • Members
  • 658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, MI
  • Local time:06:09 AM

Posted 06 May 2016 - 05:42 PM

That link is definitely malicious. Please do not use your computer to visit Google until it's cleaned up. I would not use that computer to visit anything, frankly, but that link indicates it only wants to steal traffic intended for Google.

Because you're infected and you've tried MBAM, it'll probably be faster to redirect you to the MRT forum. To get help from the MRT (who can use better tools than this section can), make a thread in the Virus, Trojan, Spyware, and Malware Removal Logs section. You have to follow the instructions in the preparation guide prior to posting your thread, since it contains the steps to follow when posting it.

Good luck! :)

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users